I like to say that Windows Server “8” is a transformational release. We stopped thinking of ourselves as an OS for an individual server and started thinking of ourselves as an OS equally suited for a single server or a cloud using lots of servers. We’ve always been concerned about our customers’ Capital/Operation expense (Capex/Opex) but when we think about customers with deployments of tens or thousands (or hundreds of thousands) of servers, everything changes. Efficiency, operational agility and automation features change from being nice-to-haves to being critical. Everyone knows these things but running our own cloud services really drives the point home. It’s the difference between knowing to keep your hands up because your boxing coach told you to and knowing it because you just got hit in the face. There is nothing like experience to motivate real and lasting change.
All the things we did for the cloud make things better for every customer, even those with a single server. If you choose not to use the automation we deliver, you’ll still benefit from all the great tools that our automation enables and, of course, everyone benefits from reduced patching and reboots.
Server Core is at the heart of our Cloud OS effort. We started investing in Server Core with Windows Server 2008. That wasn’t a huge hit, but we now think we’ve achieved critical mass with Windows Server “8” and are recommending it as the preferred configuration. We are telling our independent software vendor partners that they need to support Server Core and move to a remote GUI model. We still provide “Server with a GUI” as a compatibility option and added “Minimal Server Interface” as an option for those applications or admins that want some of the benefits of Server Core but need a little more time to make the full transition. This blog gives the background and some of the details behind our Server Core initiative.
David Cross, Partner Program Manager in Windows Server, authored this post.
Building an Optimized Private Cloud using Windows Server “8” Server Core
Private clouds offer the promise to deliver scalable, dynamic, multitenant-aware services with minimal capital purchases and operational expenses. Private clouds deliver their true potential when deployed on an optimized platform running an optimized Server operating system. A cloud-optimized Server operating system delivers:
- Multi-tenancy and scaled remote management
- Consistent automation and scripting
- Flexible settings and configuration
- Low cost storage and reliability
- Efficiency and power management
- Minimized patching and external attack surface
- Open web and application development model
- Optimized size and footprint
These are the things we invested in for Windows Server “8” and are among the many reasons why it is the best cloud-optimized operating system. In planning the release, we spent over $10 million and a year talking to the community and cloud solution builders. In those conversations, we heard the clear message that deployment agility and optimization were critical to your success. Let’s talk about what we have done to respond to that feedback.
As we highlighted and shared in our earlier blog post, the recommended deployment configuration for Windows Server “8” is Server Core. Server Core minimizes the disk space and memory requirements for Windows Server, enabling administrators to increase the density of their virtual machines and scale out their deployments significantly. We not only accomplish considerable space savings, reducing storage costs, but we also minimize the attack surface area, thereby also increasing security and reliability. Naturally, reducing the overall footprint of Windows Server also limits the number of components that must be patched on a given server. The minimum number of applicable patches reduces the frequency of reboots and increases server availability.
Looking at what we have advanced in the Windows Server “8” beta, you can see in the following table how we have focused on providing the capability, manageability and agility needed for deploying applications and services in a private cloud:

| Windows Server 2008 | Windows Server 2008 R2 | Windows Server “8” |
| --- | --- | --- |
| | | 13 roles and SQL Server 2012 support |
| Command line scripting only | PowerShell + 230 cmdlets | PowerShell + greater than 2,430 cmdlets and Server Manager support |
| Mutually exclusive: install in Server Core mode or in Full Server mode only | Mutually exclusive: install in Server Core mode or in Full Server mode only | Ability to add/remove roles to move between Server with a GUI, Minimal Server Interface and Server Core, as well as a Features on Demand capability |

Let’s now drill in a little more into our approach in this release; but first, let me provide a little history of Server Core to set some context for those not familiar with this deployment model. For many years, most of the Windows operating system was delivered as a monolithic component known as Windows Foundation. Windows Foundation included Windows Explorer, .NET framework, desktop shell, drivers, multimedia support, and Internet Explorer. Optional features and server roles were separate components that could be installed on top of the Windows Foundation.
In Windows Server 2008, we introduced Server Core with the goal of allowing you to only install those Windows components needed by your application. Server Core is a separate installation option and optional features and server roles are separate components which can be installed on it. This approach maximizes the server resources available to your application while reducing the security and serviceability footprint of this server. Server Core delivered a significant reduction in reboots due to reduced patching needs but only for a limited number of roles and workloads. Customer feedback showed that the adoption of Server Core in Windows Server 2008 was limited for the following reasons:
- Customers needed roles and products (SQL Server in particular) that were not available on Server Core. Only 9 of 17 Server Roles ran on Server Core.
- Lack of PowerShell and no Server Manager support made it difficult to manage.
- There was no conversion between Server Core and Full Server. If you installed Server Core and needed to switch to Full Server, you needed to start over.
Figure 1. Windows Server 2008 component structure.
Next Generation Server Core
While the first release of Server Core did not have wide adoption, it was very successful for those customers that used it. In Windows Server 2008 R2, we expanded Server Core support to several new server roles and added the .NET Framework and PowerShell. This increased the number of people that could use Server Core and made it easier for those that were using it. However, Server Core remained a separate Windows installation option with no path to a full installation. Based on customer feedback and desires to more widely use Server Core in private cloud deployments, we have made a large investment in Server Core capabilities in Windows Server “8” to increase deployment flexibility and also bring Server Core support to more server roles. The following roles are supported on Windows Server “8” in Server Core mode:
- Active Directory Certificate Services
- Active Directory Domain Services
- Active Directory Lightweight Directory Services (AD LDS)
- Active Directory Rights Management Server
- DHCP Server
- DNS Server
- File and Storage Services (including File Server Resource Manager)
- Print and Document Services
- Remote Desktop Services sub roles
  - Remote Desktop Connection Broker
  - Remote Desktop Licensing
  - Remote Desktop Virtualization Host
- Routing and Remote Access Server
- Streaming Media Services (available as a separate download)
- Web Server (including a subset of ASP.NET)
- Windows Server Update Server
In addition, many server applications such as SQL Server 2012 will support Server Core in Windows Server “8.”
From an architectural perspective, we have streamlined the Server Core component to serve as a minimal common base for all Windows Server editions, and refactored the Windows Foundation into several components that can be installed and uninstalled individually. For example, with a single command, it is now possible to go from a Server Core machine with a command-prompt-only user interface to Server with a GUI with the complete Windows desktop. Moreover, it is just as easy to do the reverse transition. Either transition can be accomplished in only a few minutes and requires (at most) a single reboot.
Figure 2. Windows Server “8” component structure.
If you have the Windows Server “8” Beta installed, you can try these new capabilities yourself. To convert a Server with a GUI installation of Windows Server “8” to Server Core, start PowerShell and run the following command:
Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -Restart
To re-install the GUI components, start PowerShell and run:
Install-WindowsFeature Server-Gui-Shell -Restart
One of our goals in Windows Server “8” was to keep Server Core as streamlined as possible by allowing customers to limit their installs to “just enough” of Windows to fulfill their server’s desired function. For more information on how we did this, see the Reducing the Disk Footprint with Features on Demand section below.
The Minimal Server Interface
Over the past two releases, service providers and IT professionals shared their needs for management and configuration of the operating system. In reality, many administrators love the agility and capability of the Server Core deployment mode, yet some want the flexibility of having the graphical tools available on the server without the overhead of the entire GUI and desktop.
The largest components (in terms of storage requirements) in Windows Server are those that make up the graphical user interface, or GUI. Based on historical patch data, GUI components are typically patched more frequently than their non-GUI counterparts. Of the GUI components in Windows, the two largest are Windows Explorer and Internet Explorer. Incidentally, these are also used rather infrequently on Windows Server installations. Accordingly, we moved Windows Explorer and Internet Explorer into an optional package, which can be enabled or disabled through the Server Manager interface, PowerShell, or the command line.
In Windows Server “8,” we are introducing a new experience called the Minimal Server Interface that enables most local GUI management tasks without requiring the full GUI Shell or Internet Explorer to be installed. The Minimal Server Interface contains binaries that provide comprehensive local management capabilities. To configure a Windows Server “8” machine with the Minimal Server Interface, ensure that the Graphical Management Tools and Infrastructure package is enabled and that the remaining Desktop Experience and Server Graphical Shell packages are disabled.
Figure 3. Feature selections showing the Minimal Server Interface
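The feature combinations described above can be checked from PowerShell. The following is an added example, not code from the original post: the function name Get-ServerInterfaceMode is hypothetical, Desktop-Experience is the feature name for the Desktop Experience package (it is not named in the post), and the InstallState property on the objects returned by Get-WindowsFeature is assumed to be available.

```powershell
# Added example: report which interface level a server is running, based on
# the three GUI-related features discussed in this post.
Import-Module ServerManager   # provides Get-WindowsFeature

function Get-ServerInterfaceMode {
    # Server-Gui-Mgmt-Infra and Server-Gui-Shell appear in the post;
    # Desktop-Experience is the feature name for the Desktop Experience package.
    $names = 'Server-Gui-Mgmt-Infra', 'Server-Gui-Shell', 'Desktop-Experience'

    # Record each feature's state: Installed, Available or Removed.
    $state = @{}
    foreach ($f in (Get-WindowsFeature -Name $names)) {
        $state[$f.Name] = [string]$f.InstallState
    }

    $infra = $state['Server-Gui-Mgmt-Infra'] -eq 'Installed'
    $shell = $state['Server-Gui-Shell'] -eq 'Installed'
    $desk  = $state['Desktop-Experience'] -eq 'Installed'

    # The levels nest: the shell needs the management infrastructure,
    # and Desktop Experience needs the shell.
    $mode = if (-not $infra)     { 'Server Core' }
            elseif (-not $shell) { 'Minimal Server Interface' }
            elseif (-not $desk)  { 'Server with a GUI' }
            else                 { 'Server with a GUI + Desktop Experience' }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        Mode            = $mode
        GuiFeatureState = $state
        # GUI features whose files are still in the component store,
        # whether or not the feature is enabled.
        PayloadOnDisk   = @($names | Where-Object {
                              $state[$_] -and $state[$_] -ne 'Removed' })
    }
}

$result = Get-ServerInterfaceMode
$result | Format-List

# Flag servers that still carry local GUI components, which are patched
# more often than the Server Core base.
if ($result.Mode -ne 'Server Core') {
    Write-Warning "$($result.ComputerName) is running '$($result.Mode)'."
}
```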
The Minimal Server Interface is actually a Server with a GUI install excluding Internet Explorer, Windows shell components such as the desktop, Windows Explorer, Metro-style application support, and the Desktop Experience. MMC and the new Server Manager, which can be used to manage local and remote Windows servers as well as serving as the new launch point for Windows server management tools, are both included in the Minimal Server Interface. Because the Minimal Server Interface does not include Explorer or the Server Graphical Shell, not all GUI management functionality is available. Namely, control panel applets implemented as shell extensions are not available. These include:
- Programs and Features
- Network and Sharing Center
- Devices and Printers Center (however, Device Manager is available)
- Display settings (however, there is a new tool called SetRes to allow the display resolution to be changed)
- Firewall control panel (however, Advanced Firewall MMC snap-in is available)
- Windows Update
- Storage Spaces
Most MMC snap-ins can also be installed independently of their corresponding roles using the Remote Server Administration Tools (RSAT) optional feature. In some cases, certain functionality within MMC snap-ins may be limited. For example, local help may not be available or the details pane of a snap-in may be constrained without Internet Explorer to display HTML.
The Minimal Server Interface, though it is not as large as an installation that includes the Server Graphical Shell, still requires roughly 4 GB more disk space than Server Core alone. Thus, we wanted to make sure that even the Minimal Server Interface can be removed whenever it is not needed. The Graphical Management Tools and Infrastructure feature can be uninstalled to convert the server to Server Core. The MMC snap-ins for the server roles can also be easily installed on client editions of Windows 8 using the Remote Server Administration Tools (RSAT), to facilitate remote management of Windows servers. In addition, we are introducing over 2,430 new PowerShell cmdlets to enable local and remote management.
Reducing the Disk Footprint with Features on Demand
By default, the files for all available Windows components are stored in a directory called the side-by-side component store, or WinSxS. The structure of this directory was carefully designed to provide a number of benefits. For example, installation media is never required to turn any Windows feature on or off. In addition, Windows updates can be applied in any order—and any update can be completely skipped if an administrator so desires. Enabling this functionality requires a version of every Windows component that can be installed to be stored in the winsxs folder, requiring disk space which is always at a premium. As growing numbers of virtual machines vie for space on relatively expensive high-performance disks, SANs, and SSDs, we saw the need to enable administrators to reduce the disk footprint of Windows Server “8.” At the same time, we wanted to maintain the high level of patch and deployment flexibility that administrators have grown accustomed to.
In Windows Server “8”, we have added the capability for administrators to completely remove unneeded roles and features from their installations. In previous versions of Windows, a feature can be either “Enabled” or “Disabled.” In Windows Server “8,” there is a new state called “Disabled with payload removed.” The new -Remove flag on the Uninstall-WindowsFeature PowerShell cmdlet will put a feature into this state which removes all of its files from the winsxs folder.
For example, you can completely remove Windows Explorer, Internet Explorer, and other dependent components (and all their associated files) from disk with the following PowerShell command:
Uninstall-WindowsFeature Server-Gui-Shell -Remove
When a feature is disabled with the payload removed, the files are actually deleted from the side-by-side store and completely removed from disk. Consequently, the feature cannot be reinstalled without an installation source, which can be specified with the -Source parameter of the Install-WindowsFeature cmdlet. By default, Windows will download missing components from Windows Update if an Internet connection is available (this behavior can be disabled if desired). If Internet access is not available, the Windows image file (install.wim) available on the DVD can be mounted to provide the installation source. It is also possible to specify a default list of installation sources via Group Policy.
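To see which features are in the “Disabled with payload removed” state and to bring one back from local media rather than Windows Update, something like the following can be used. It is an added example, not code from the original post: the function names, the D:\sources\install.wim path and the image index are assumptions, and the wim:<path>:<index> form of -Source is used to point the cmdlet at an image inside the WIM file.

```powershell
# Added example: audit payload-removed features and restore one from media.
Import-Module ServerManager

# Features whose files have been deleted from the component store.
function Get-RemovedPayloadFeature {
    Get-WindowsFeature |
        Where-Object { [string]$_.InstallState -eq 'Removed' } |
        Select-Object Name, DisplayName
}

# Reinstall a payload-removed feature from a local install.wim so the
# binaries come from media the administrator controls.
function Restore-FeatureFromMedia {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Name,
        # Assumed location of the image on the mounted DVD or ISO.
        [string] $WimPath = 'D:\sources\install.wim',
        # Assumed index; list the images with: dism /Get-WimInfo /WimFile:<path>
        [int] $ImageIndex = 1
    )

    if (-not (Test-Path -LiteralPath $WimPath)) {
        throw "Installation image not found: $WimPath"
    }

    $feature = Get-WindowsFeature -Name $Name
    if (-not $feature) {
        throw "Unknown feature: $Name"
    }
    if ([string]$feature.InstallState -ne 'Removed') {
        # Payload is still in WinSxS, so no source is needed.
        Write-Verbose "$Name is '$($feature.InstallState)'; no source required."
        return Install-WindowsFeature -Name $Name
    }

    # ${WimPath} is braced so the following colon is not read as a scope.
    $source = "wim:${WimPath}:$ImageIndex"
    if ($PSCmdlet.ShouldProcess($Name, "Install from $source")) {
        Install-WindowsFeature -Name $Name -Source $source
    }
}

# Show what has been removed, then preview a restore without changing anything.
Get-RemovedPayloadFeature | Format-Table -AutoSize
Restore-FeatureFromMedia -Name 'Server-Gui-Shell' -WhatIf
```

The image used as the source should match the edition and servicing level of the running server; otherwise the cmdlet may fail to find usable files in it.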
The Features on Demand functionality is already available in the Windows Server “8” Beta. For example, version 3.5 of the .NET Framework is not included in the image you may have downloaded. Not requiring the .NET 3.5 installations enabled us to reduce the file size of the ISO image by approximately 300 MB. Similarly, the files for some “Server with a GUI” components—such as GUI management tools and some server roles—have been removed in a default Server Core installation.
For more information on both Features on Demand as well as how to use Windows PowerShell to convert from a Server Core installation to a Server with a GUI installation, please see the Windows Server Installation Options article on TechNet.
Reboot and Patch Reduction
As we shared in our previous blog posting, we have been doing a lot of work to minimize the frequency of reboots due to servicing. Accordingly, Windows Update has been designed so that features which are not installed are also not patched. By disabling frequently-serviced and infrequently-used optional features—such as the GUI components on most servers—using Server Core it is possible to achieve a 40-60% reduction in patches based on historical data.
The above chart shows how many months a Windows Server Core deployment would have been able to go without reboots since the release of the respective product. Applicable patches are security updates offered and recommended by Windows Update. These patches are offered simply because the files affected by the patch are installed on the system. Necessary patches are a subset of applicable patches which are called out in security bulletins (such as MS08-052) that explain which of the applicable patches actually need to be installed for a particular scenario.
For example, in the case of MS08-052, a patch is offered for GDI+ that fixes a vulnerability that could enable malicious remote code execution. However, the vulnerability is only exploitable in certain situations, namely when certain programs other than Windows Server itself are installed. An administrator could safely opt out of this particular update if he or she determined the vulnerability could not actually be exploited, thus saving a reboot. By installing only necessary patches, the number of reboots can be further reduced.
It is possible to reduce reboots even more by opting to install only critical updates. Since the RTM of Windows Server 2008, a Server Core installation could have seen 26 months without reboots – roughly one reboot every two months – a 67% savings as compared to a Server with a GUI installation.
We built Windows Server “8” to provide the greatest flexibility and resource optimization for all datacenters and cloud environments. The Server Core deployment mode provides increased uptime, reduced maintenance, optimized disk space and memory runtime requirements, and offers faster, more efficient deployments than ever before. We would like to encourage IT professionals and customers to use Server Core and the Minimal Server Interface in their datacenters and private cloud deployments, in order to provide the best possible platform for next generation solutions and applications.